* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change call
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
arg.
* g10/export.c (do_export): Pass true for new arg if SECRET is true.
--
GnuPG-bug-id: 1653.
Note that this works only if --output has been used.
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.
* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.
--
The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte. With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead
of silent allocating a byte. Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".
The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.
* common/http.c (http_open): Add arg httphost.
(http_open_document): Pass NULL for httphost.
(send_request): Add arg httphost. If given, use HTTPHOST instead of
SERVER. Use https with a proxy if requested.
(http_verify_server_credentials): Do not stop at the first error
message.
* dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open.
* keyserver/curl-shim.c (curl_easy_perform): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
* common/Makefile.am ($(PROGRAMS)): New rule
(t_http_LDADD): Use libcommontls.a without directory prefix.
* dirmngr/Makefile.am ($(PROGRAMS)): New rule.
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey. Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp): Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.
* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
"NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.
* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
* common/http.c (http_session_t): Add field "refcount".
(_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code.
(send_request, my_npth_read, my_npth_write): Use SOCK object for the
transport ptr.
(http_session_release): Factor all code out to ...
(session_unref): here. Deref SOCK.
(http_session_new): Init refcount and transport ptr.
(http_session_ref): New. Ref and unref all assignments.
--
Having the reference counted session objects makes it easier for the
application to pass around only an estream. Without that the
application would need to implement an es_onclose machinery for the
session object.
* configure.ac (HAVE_NPTH): New ac_define.
* common/estream.c: Use USE_NPTH instead of HAVE_NPTH.
* common/http.c: Ditto. Replace remaining calls to pth by npth calls.
(connect_server): Remove useless _().
* common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h.
* common/init.c (_init_common_subsystems): Remove call to pth_init.
* common/sysutils.c (gnupg_sleep): Use npth_sleep.
* scd/ccid-driver.c (my_sleep): Ditto.
--
USE_NPTH is used in case were we may build with and without nPth. The
missing definition HAVE_NPTH didn't allowed us to build outher sources
with nPTh support.
* src/estream.c (estream_internal): Add field SAMETHREAD.
(init_stream_lock, lock_stream, trylock_stream, unlock_stream): Use it.
(parse_mode): Add arg SAMETHREAD and parse that keyword.
(es_initialize): Rename to ...
(init_stream_obj): this. Add arg SAMETHREAD.
(es_create): Add arg SAMETHREAD. Call init_stream_lock after
init_stream_obj.
(doreadline): Call es_create with samethread flag.
(es_fopen, es_mopen, es_fopenmem, es_fopencookie, do_fdopen)
(do_fpopen, do_w32open): Implement "samethread" keyword.
(es_freopen): Take samthread flag from old stream.
(es_tmpfile): Call es)_create w/o samethread.
--
Note: Unfortunately es_tmpfile has no mode arg so that we can't use
samethread.
* agent/gpg-agent.c (main): Make sure homedir is absolute.
* common/asshelp.c (lock_spawning): Create lock file with an absolute
name.
(start_new_gpg_agent): Use an absolute name for the socket and pass
option --homedir to the agent.
(start_new_dirmngr): Use an absolute name for the --homedir.
--
This patch makes gpg's --homedir option behave again like in older
versions. This is done by starting a new agent for each different
home directory. Note that this assumes --use-standard-socket is used
which is the default for 2.1.
* common/estream.c (es_freopen): Remove useless check for STREAM.
* kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check
for BLOB.
* tools/sockprox.c (run_proxy): Do not fclose(NULL).
--
Found by Hans-Christoph Steiner with cppcheck.
* common/mischelp.h (JNLIB_GCC_HAVE_PUSH_PRAGMA): New.
* dirmngr/dirmngr.c (handle_tick): Factor time check out to ...
(time_for_housekeeping_p): new.
--
I am not sure whether that y2038 hack is really useful but it might
make me smile in my retirement.
* dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
status lines.
* g10/call-dirmngr.c (ks_status_parm_s): New.
(ks_search_parm_s): Add field stparm.
(ks_status_cb): New.
(ks_search_data_cb): Send source to the data callback.
(gpg_dirmngr_ks_search): Change callback prototope to include the
SPECIAL arg. Adjust all users. Use ks_status_cb.
(gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
* g10/keyserver.c (search_line_handler): Adjust callback and print
"data source" disgnostic.
(keyserver_get): Print data source diagnostic.
--
It has often been requested that the actually used IP of a keyservers
is shown in with gpg --recv-key and --search-key. This is helpful if
the keyserver is actually a pool of keyservers. This patch does this.
* common/mischelp.h (JNLIB_GCC_A_PRINTF): Use __gnu_printf__
(JNLIB_GCC_A_NR_PRINTF): Ditto.
--
Our printf supports most of the GNU features and thus we can silence
the warnings from mingw.
* agent/call-scd.c (start_scd): Replace int by assuan_fd_t.
(start_pinentry): Ditto.
* common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t.
* common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for
prototypes on Windows and some other platforms.
* common/logging.c (fun_writer): Declare addrbuf only if needed.
* g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented.
* g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server
mode.
* g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD
by -1 as temporary hack for Windows.
* g10/export.c (do_export): Ditto.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto.
* g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
* g10/server.c (cmd_verify, gpg_server) [W32]: Return an error.
--
The gpg server mode is not actual working and thus we can avoid the
warnings by explicitly disabling the mode. We keep it working under
Unix, though.
* common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy
functions.
(ESTREAM_MUTEX_INITIALIZE): Ditto.
--
GnuPG-bug-id: 1566
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 571bcd4662)
Reolved conflicts:
common/estream.c
Warning: estream.c still uses pth_mutex_* which is definitely wrong.
Needs to be investigated.
* agent/gpg-agent.c [W32]: Include Several Windows header.
(opts): Change help text for enable-ssh-support.
(opts, main): Add option --enable-putty-support
(putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
(agent_init_default_ctrl): Add and asssert call.
(putty_message_proc, putty_message_thread): New.
(handle_connections) [W32]: Start putty message thread.
* common/sysutils.c (w32_get_user_sid): New for W32 only
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add
--enable-ssh-support and --enable-putty-support. Make the
configuration group visible at basic level.
* agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
--
This patch enables support for Putty. It has been tested with Putty
0.62 using an Unix created ssh key copied to the private-keys-v1.d
directory on Windows and with a manually crafted sshcontrol file. It
also works with a smartcard key.
May thanks to gniibe who implemented a proxy in Python to test the
putty/gpg-agent communication.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9f32499f99)
Resolved conflicts:
NEWS
agent/agent.h
agent/gpg-agent.c: Convert from pth to npth.
common/sysutils.c
common/sysutils.h
* jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New.
(ARGPARSE_TYPE_MASK): New, for internal use.
(ARGPARSE_ignore): New.
* jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining
constants by macros.
(optfile_parse): Implement ARGPARSE_OPT_IGNORE.
(arg_parse): Exclide ignore options from --dump-options.
--
In addition to the ignore-invalid-option (commit 41d56433) it is often
useful to mark options in a configuration which as NOP. For example
options which have no more function at all but can be expected to be
found in existing conf files. Such an option (or command) may now be
given as
ARGPARSE_ignore (300, "obsolete-option")
The 300 is merely used as a non-valid single option name much like
group names or the 500+n values used for long options.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 54c54e2824)
Resolved conflicts:
common/argparse.c: Fixed.